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Abstract — We  study  the  problem  of  establishing  secure  com¬ 
munication  channels  in  resource-constrained  wireless  networks 
using  key  predistribution.  Pairwise  communication  channels 
between  nodes  are  secured  using  link  keys  which  are  established 
as  a  function  of  cryptographic  seeds  predistributed  to  each 
node.  We  propose  a  general  model  for  seed  assignment  which 
regulates  the  number  of  nodes  sharing  each  seed.  In  addition, 
we  provide  a  general  model  for  wireless  network  connectivity 
where  communication  is  restricted  by  both  radio  range  and 
an  independent  pairwise  relationship.  We  provide  probabilistic 
analysis  for  network  connectivity  and  resilience  to  node  capture 
in  terms  of  our  seed  assignment  and  network  connectivity  models. 
Finally,  we  provide  a  numerical  example  demonstrating  how 
the  proposed  approach  reduces  key  wastage  while  maintaining 
resilience  to  node  capture  of  prior  results. 

I.  Introduction 

Applications  involving  large-scale  wireless  networks  de¬ 
ployed  in  hostile  environments  require  the  development  of 
secure  protocols  that  can  operate  in  a  decentralized  manner. 
Due  to  limitations  such  as  the  wireless  radio  range,  battery 
energy,  and  computational  capability  of  each  node,  secure 
protocols  for  resource-constrained  networks  rely  on  shared 
symmetric  keys. 

A  promising  approach  to  symmetric  key  establishment  in 
wireless  networks  is  key  predistribution,  studied  in  various 
forms  in  many  papers  (e.g.  [  1  ]— [  10]).  In  a  key  predistribu¬ 
tion  scheme,  seeds  are  assigned  to  nodes  prior  to  network 
deployment.  For  generality,  we  use  the  term  seed  to  refer  to 
any  secret  quantity,  such  as  a  key  [4],  [5],  [7],  [8],  hashed 
secret  [3],  [6],  or  secret  share  [1],  [2],  [9],  [10],  used  for 
key  establishment.  The  network  is  then  randomly  deployed, 
suggesting  that  the  assignment  of  seeds  cannot  rely  on  post¬ 
deployment  node  location  and  must  be  tolerant  to  random 
placement  of  nodes.  After  physical  deployment,  neighboring 
nodes  must  determine  if  they  share  a  sufficient  number  of 
seeds  to  establish  a  link  key  for  secure  communication.  Hence, 
a  key  predistribution  scheme  must  specify  methods  for  both 
pre -deployment  seed  assignment  and  post-deployment  link  key 
establishment.  The  link  key  establishment  protocol  requires 
each  node  to  use  the  individually  assigned  seeds  as  inputs, 
and  thus  depends  on  the  outcome  of  seed  assignment.  Hence, 
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seed  assignment  plays  a  crucial  role  in  providing  a  connected 
network  while  maximizing  the  resilience  to  captured  nodes. 

The  most  resource  efficient  method  of  seed  assignment 
is  the  assignment  of  a  single  master  seed  to  every  node 
in  the  network.  This  solution  requires  minimal  storage  and 
minimal  communication  overhead  for  key  updates.  However, 
the  compromise  of  a  single  node  exposes  the  master  key  and 
compromises  the  security  of  the  entire  network.  A  solution 
which  prevents  compromise  due  to  node  capture  is  the  as¬ 
signment  of  a  unique  pairwise  key  to  each  pair  of  nodes. 
However,  this  scheme  requires  storage  for  ( N  —  1)  keys  in 
each  of  the  N  nodes  and  a  total  of  (A )  keys.  Furthermore, 
addition  of  a  single  node  to  the  network  would  require 
O(N)  communication  overhead  to  update  every  node  with  an 
additional  pairwise  key.  Hence,  methods  of  seed  assignment 
for  key  predistribution  schemes  exhibit  a  trade-off  between 
resilience  to  node  capture  and  resource  efficiency. 

A.  Motivation 

The  authors  of  [4]  proposed  random  key  predistribution 
to  balance  the  trade-off  between  resilience  to  node  capture 
and  storage  efficiency.  Seed  assignment  in  [4]  consists  of  the 
assignment  of  a  random  selection  of  K  seeds  from  a  pool  of 
P  seeds  for  each  node,  where  P  and  I\  are  chosen  to  provide 
a  connected  network  with  a  specified  probability.  The  link  key 
establishment  protocol  in  [4]  determines  if  a  seed  is  shared, 
in  which  case  the  shared  seed  is  used  directly  as  the  link  key. 
We  notice  that  each  node  selects  a  given  seed  randomly  with  a 
probability  ^  using  this  scheme.  Thus,  the  number  of  nodes 
which  share  the  given  seed  is  a  random  variable  distributed 
according  to  a  binomial  distribution  with  parameters  (N,  ^). 
Hence,  the  number  of  nodes  sharing  each  of  the  P  seeds 
is  highly  variable,  taking  values  between  0  and  N  with  an 
expected  value  of  /i  =  A  A .  If  the  number  of  nodes  sharing  a 
seed  is  much  less  than  /j,  the  probability  that  any  two  of  the 
nodes  will  be  within  wireless  communication  range  is  very 
small.  Hence,  the  probability  that  such  a  seed  will  be  used 
to  establish  a  link  key  is  very  small.  On  the  other  hand,  if 
the  number  of  nodes  sharing  a  seed  is  much  greater  than  /i,  a 
large  number  of  link  keys  will  be  established  using  the  seed. 
An  adversary  able  to  recover  such  a  seed  will  thus  be  able 
to  compromise  a  large  number  of  secure  channels  throughout 
the  network.  Such  worst-case  tail-effects  due  to  assignment 
of  seeds  to  a  number  of  nodes  much  greater  or  much  less 
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Fig.  1.  The  simulated  histogram  of  the  number  of  nodes  sharing  each  seed  satisfies  a  binomial  distribution.  The  simulated  and  theoretical  plots  are  given  on 
(a)  linear  vertical  axis  and  (b)  logarithmic  vertical  axis. 


than  //  cannot  be  analyzed  by  an  average-case  probabilistic 
analysis,  such  as  those  provided  in  [5],  [9],  [10].  Furthermore, 
any  key  predistribution  scheme  which  uses  a  similar  random 
seed  selection  method  suffers  from  the  same  tail-effects  of  the 
binomial  distribution. 

To  demonstrate  the  binomial  distribution  typical  of  random 
key  predistribution,  we  provide  Fig.  1  which  compares  the 
simulated  histogram  of  the  number  of  nodes  sharing  each  seed 
with  the  number  of  nodes  given  by  the  binomial  distribution. 

B.  Contribution 

In  order  to  reduce  key  wastage  due  to  assignment  of  seeds 
to  a  very  small  number  of  nodes  and  minimize  the  impact 
of  every  compromised  seed  on  the  remaining  network,  we 
propose  the  regulation  of  the  number  of  nodes  which  share 
each  seed.  As  will  be  shown,  such  regulation  does  not  affect 
the  average-case  performance  in  terms  of  network  connectivity 
or  resilience  to  node  capture.  However,  the  occurrence  of  tail- 
effects,  as  discussed  in  Section  I-A,  can  be  reduced. 

The  contributions  of  this  work  are  as  follows.  We  propose  a 
general  model  for  seed  assignment  using  discrete  probability 
distributions  to  regulate  the  number  of  nodes  which  share 
each  seed.  The  model  preserves  the  average-case  performance 
of  existing  schemes  (e.g.  [4],  [10])  in  terms  of  network 
connectivity  and  resilience  to  node  capture.  Furthermore,  we 
propose  three  seed  assignment  algorithms  for  use  with  the 
seed  assignment  model.  In  addition,  we  propose  a  connectivity 
model  for  networks  in  which  communication  is  restricted  by 
radio  range  and  an  independent  pairwise  relationship  such  as 
the  existence  of  a  shared  seed.  Finally,  we  demonstrate  the 
application  of  our  seed  assignment  and  connectivity  models 
and  analytically  compare  the  results  to  previous  works. 

The  paper  is  organized  as  follows.  We  propose  our  seed 
assignment  model  in  Section  II.  In  Section  III,  the  appropriate 
network  connectivity  model  for  secure  wireless  networks  is 


derived.  Section  IV  presents  the  analysis  of  network  connec¬ 
tivity  and  resilience  to  node  capture  according  to  the  proposed 
models.  Numerical  examples  and  comparison  to  previous 
works  are  presented  in  Section  V. 

II.  Proposed  Seed  Assignment  Model 

We  propose  a  general  model  for  seed  assignment  which 
allows  for  explicit  control  of  the  number  of  nodes  which  share 
each  seed.  The  model  is  given  with  respect  to  the  following 
definitions. 

A.  Mode I  Definitions 

The  set  S(s)  of  nodes  which  are  assigned  the  seed  s  is 
defined  as  the  assignment  set  of  seed  s.  The  number  of 
nodes  sharing  each  seed  is  regulated  by  the  designation  of 
an  assignment  distribution  V  which  specifies  the  probability 
V(A)  that  an  assignment  set  S(s)  has  size  A,  i.e.  'P(A)  = 
Pr[|S'(s)|  =  A].  The  set  of  values  A  with  non-zero  probability 
mass  is  defined  as  the  support  A  of  the  assignment  distribution, 
i.e.  A  =  {A  :  'P(A)  >  0}.  The  average  size  of  an  assignment 
set  under  an  assignment  distribution  V  is  denoted  by 

m  =  ^AP(A). 
asa 

The  given  definitions  provide  the  basis  for  the  proposed 
seed  assignment  model.  However,  the  seed  assignment  model 
further  requires  analytical  elements  to  allow  for  the  design 
of  assignment  distributions  which  can  avoid  the  tail-effects 
discussed  in  Section  I-A.  Furthermore,  given  an  desirable 
assignment  distribution,  the  model  required  a  seed  assignment 
algorithm  which  can  realize  the  given  distribution. 

B.  Assignment  Distribution  Design 

Though  the  design  of  an  assignment  distribution  is 
application-dependent,  we  provide  a  brief  discussion  of  some 


desirable  and  achievable  properties  of  assignment  distribu¬ 
tions. 

Based  on  the  discussion  in  Section  I  that  seeds  should  not  be 
assigned  to  small  or  large  sets  of  nodes,  the  optimal  solution  is 
to  assign  every  seed  to  a  fixed  number  of  nodes,  i.e.  |A|  =  1. 
As  stated  in  [7],  this  optimal  solution  is  not  always  achievable. 
Hence,  we  consider  assignment  distributions  with  |A|  >  1, 
including  the  binomial  distribution  discussed  in  Section  I-A. 

To  approximate  the  optimal  solution  with  |A|  =  1,  it  is 
highly  desirable  to  specify  the  set  A  by  a  contiguous  set  of 
integers  {A  €  Z  :  \min  <  A  <  Xmax}  such  that  |A|  is 
as  small  as  possible.  Furthermore,  to  best  approximate  the 
optimal  solution,  the  value  of  the  assignment  distribution  V 
should  be  larger  for  the  values  of  A  nearest  to  p.  As  will 
be  discussed  in  Section  II-D,  trade-offs  exist  which  further 
complicate  the  design  problem. 

C.  Seed  Assignment  Algorithms 

An  algorithm  which  assigns  seeds  to  nodes  based  on  a 
desired  assignment  distribution  V  must  take  into  account  the 
assumption  that  each  of  the  N  nodes  receives  exactly  K 
seeds.  Assuming  the  assignment  distribution  V  is  specified,  we 
propose  three  seed  assignment  algorithms  based  on  repeated 
sampling  of  the  assignment  distribution  V ,  noting  that  many 
such  algorithms  can  be  designed.  The  algorithms  presented 
in  this  section  are  the  Random  Weighted  Seed  Selection 
(RWSS).  Random  Assignment  Set  Selection  (RASS),  and  Ran¬ 
dom  Node  Partition  (RNP)  algorithms.  Each  of  the  algorithms 
is  described  and  presented  as  code,  in  which  the  function 
samplefP)  refers  to  a  sample  of  the  assignment  distribution 
V  and  the  function  select (n,  X)  refers  to  a  random  selection 
of  n  items  from  the  set  X. 

RWSS  Algorithm:  Let  T  represent  the  set  of  pairs  (s,  A) 
where  s  is  a  seed  and  A  is  a  sample  of  the  assignment 
distribution  V.  Initially,  T  =  0.  Since  the  total  number  of 
seed  assignments  is  NK ,  pairs  (s,  A)  are  generated  and  added 
to  T  until  _ 

X>  N  ■  K. 

(s,A)G3> 

For  each  of  the  N  nodes,  K  pairs  (s,  A)  with  A  >  0  are 
selected  from  T.  The  seed  s  for  each  of  the  K  selected  pairs 
is  assigned  to  the  node.  Each  value  A  for  the  selected  pairs  is 
decremented  before  replacing  the  pairs  in  'f .  The  decreasing 
value  of  A  will  ensure  that  each  seed  is  assigned  only  as 
many  times  as  specified  by  the  sample  of  V.  The  algorithm 
terminates  as  soon  as  each  of  the  N  nodes  has  received  K 
seeds.  The  RWSS  algorithm  is  presented  in  Fig.  2. 

RASS  Algorithm:  Let  Cl  =  {!,....  N }  represent  the  set  of 
N  nodes.  For  each  seed  s,  a  sample  A  €  A  of  the  assignment 
distribution  V  is  generated.  The  assignment  set  S(s)  of  A 
nodes  is  randomly  chosen  from  Cl,  and  the  seed  s  is  assigned 
to  the  nodes  in  S(s).  A  node  is  removed  from  Cl  as  soon  as 
it  is  assigned  K  seeds.  Hence,  the  algorithm  terminates  once 
Q  =  0.  The  RASS  algorithm  is  presented  in  Fig.  3. 

RNP  Algorithm:  The  set  { 1 . . . . .  N }  is  randomly  partitioned 
into  subsets  Si,...,  St  such  that  the  subset  sizes  \Si\  are 


Algorithm:  RWSS(N ,  K ,  V) 

'P  <—  0,f  <—  l 

while  A  <  N  ■  K  do 

'I1  <—  U  ( Sj ,  samplefP)) 

j  ^  j  +  1 

end  while 

for  n  from  1  to  N  do 

*0  <-  {(s,  A)  £  'k  :  A  >  0} 

E  <—  select-  (’I'o,  min(if,  |io|)) 
if  \E\  <  K  then 
F  <—  select  (tf  \  E,  K  -  |E|) 
E^EUF 
end  if 

assign  (s  :  (s,  A)  £  E}  to  n 
(s,  A)  <-  (s,  A  -  1)  for  (s,  A)  S  E 

end  for 


Fig.  2.  RWSS  Algorithm 


Algorithm:  RASS(N,  I\,  V) 

n  4-  {(i,o) . (Jv,o)} 

while  |fi|  >  0  do 
A  <—  samplefP) 

S  <—  select  (ft,  min(A,  |f2|)) 
assign  next  seed  to  (n  :  (n,  c)  £  S'} 
(n,  c )  <—  (n,  c  +  1)  for  (n,  c)  £  S 
n  <-  n\  {( n,c )  £  S  :  c  =  K} 
end  while 


Fig.  3.  RASS  Algorithm 


samples  of  the  assignment  distribution  V.  The  nodes  in  each 
subset  Si  are  assigned  a  common  seed,  ensuring  that  each  node 
receives  exactly  one  seed.  The  set-partition  step  is  repeated  a 
total  of  K  times.  To  ensure  that  each  St  reflects  a  sample  of 
V ,  the  final  partition  subset  St  in  each  round  is  combined  with 
a  random  selection  of  nodes  which  are  then  omitted  from  the 
subsequent  round.  The  RNP  Algorithm  is  presented  in  Fig.  4. 


D.  Finite  Sampling  Effects 

In  the  three  algorithms  presented  in  the  previous  section,  a 
finite  number  of  samples  are  taken  from  the  assignment  dis¬ 
tribution  V.  As  discussed  below,  each  of  the  three  algorithms 
can  result  in  assignment  sets  of  size  A  ^  A  near  termination 
of  the  algorithm.  We  refer  to  the  occurrence  of  such  sets  as 
boundary  effects.  In  what  follows,  we  discuss  these  boundary 
effects  and  how  they  can  be  avoided. 


Algorithm:  RNP(N,  K ,  V) 

$1^0 

for  i  from  1  to  K  do 
<t>^  (1, . . . ,  N}  \  3>i 
while  <f>  >  0  do 
A  <—  sample(P) 

S  <—  select  (i,  min(A,  |<t>|)) 
if  |  SI  <  A  and  i  <  I\  then 

$1  <_  seiect  ({i, . . . ,  N}  \  S,  A  -  |S|) 
S^SU4>i 
end  if 

assign  next  seed  to  nodes  in  S 

<f>  A  $\S 

end  while 
end  for 


Fig.  4.  RNP  Algorithm 


1)  RWSS  Algorithm:  Near  the  end  of  the  RWSS  algorithm, 
the  number  of  seeds  with  positive  weight  may  be  less  than 
K.  In  order  to  avoid  very  small  assignment  sets,  a  random 
selection  of  seeds  with  A  =  0  can  be  combined  with  the 
remaining  seeds  to  ensure  that  every  node  receives  K  seeds. 
This  technique  can  result  in  a  small  number  of  assignment  sets 
with  size  slightly  greater  than  Amax  and  a  small  number  of 
assignment  sets  of  size  slightly  less  than  A  min- 

2)  RASS  Algorithm:  Near  the  end  of  the  RASS  algorithm, 
the  number  of  nodes  with  fewer  than  K  seeds  may  be  smaller 
than  the  generated  A.  Hence,  assignment  sets  of  size  less  than 
A min  may  occur  before  the  algorithm  terminates.  If  desired, 
these  small  sets  of  remaining  nodes  can  be  added  to  previously 
designated  assignment  sets,  possibly  leading  to  a  small  number 
of  assignment  sets  of  size  greater  than  Amax. 

3)  RNP  Algorithm:  The  repeated  samples  of  the  assignment 
distribution  V  in  each  round  of  the  RNP  algorithm  will  often 
not  sum  to  N.  As  discussed  above,  the  last  subset  St  can 
be  combined  with  a  random  selection  of  nodes  which  are 
then  omitted  from  the  subsequent  round.  In  the  Kth  round, 
however,  a  single  assignment  set  of  size  less  than  A mjra 
may  occur.  The  special  case  where  A  =  {A}  and  ^  is  an 
integer  does  not  suffer  from  boundary  effects.  This  special 
case  approximates  the  use  of  combinatorial  designs  [7],  [8], 

Through  extensive  simulation,  we  notice  that  the  occurrence 
of  boundary  effects  increases  as  |A|  decreases.  Hence,  there 
exists  a  trade-off  between  minimizing  the  size  of  the  support 
A  and  minimizing  the  boundary  effects  which  occur.  In  order 
to  balance  this  trade-off,  however,  the  analytical  properties 
of  seed  assignment  in  terms  of  the  assignment  distribution 
must  be  investigated.  Hence,  we  are  interested  in  analyzing 
probabilistic  network  connectivity  and  resilience  to  node  cap¬ 
ture.  The  model  for  network  connectivity  is  presented  in  the 
next  section,  and  the  analysis  based  on  this  model  is  provided 
in  Section  IV.  Furthermore,  the  worst-case  resilience  to  node 
capture,  also  analyzed  in  Section  IV,  can  be  considered  in  the 
design  of  an  assignment  distribution. 

III.  Network  Connectivity  Model 

In  order  to  design  an  assignment  distribution  used  for  seed 
assignment,  we  propose  a  model  for  wireless  connectivity  in 
which  communication  is  limited  both  by  radio  range  and  an 
independent  (random  or  deterministic)  logical  restriction,  such 
as  the  existence  of  shared  predistributed  seeds.  We  assume 
that  N  nodes  are  deployed  uniformly  at  random  with  resulting 
locations  xu  £  A  C  R2  for  u  =  1 ,N  and  each  node  has 
an  omni-directional  antenna  with  radio  range  r.  Based  on  the 
assumptions,  we  derive  the  probability  Pc{k)  that  the  network 
is  k -connected  using  graph  theory  and  spatial  statistics. 

We  derive  the  probability  Pa(k)  using  three  graphs:  the 
physical  graph ,  logical  graph ,  and  network  graph.  The  physi¬ 
cal  graph  Gp  models  communication  restricted  by  radio  range 
such  that  a  pair  of  nodes  are  adjacent  in  Gp  if  and  only  if 
they  are  within  radio  range.  The  logical  graph  Gp  models 
logical  relationships  resulting  from  the  given  relation  TZ  such 
that  a  pair  of  nodes  are  adjacent  in  Gp  if  and  only  if  the 


relation  1Z  is  true.  The  network  graph  G  is  given  by  the  edge¬ 
wise  intersection  of  Gp  and  Gp,  appropriately  modeling  the 
desired  restrictions  on  the  wireless  network.  The  probability 
Pc(k)  is  then  given  by  the  probability  that  the  graph  G  is 
/.-connected. 

We  provide  the  following  results  relating  to  the  node  degree 
and  the  connectivity  of  the  network  graph  G.  The  final  result 
given  in  Theorem  2  provides  a  probabilistic  connectivity 
model  which  can  be  used  to  provide  sufficient  parameters  for 
desired  network  connectivity. 

Lemma  1:  Given  a  node  u  with  degree  D  in  the  logical 
graph  Gp,  the  probability  Pr[du  >  fc]  that  u  has  degree  at 
least  k  in  the  network  graph  G  is  given  by 


Pr[du  >  k]  =  1  —  e  p 


k- 1 

E 


(p^nr2Y 


i= 0 

Proof:  The  physical  graph  Gp  can  be  modeled  by  a 
geometric  random  graph  with  vertices  distributed  according 
to  a  two-dimensional  Poisson  point  process  with  rate  P~  M|- 
Thus,  the  probability  distribution  of  the  number  of  nodes 
d  within  distance  r  of  the  node  u  is  given  by  a  Poisson 
distribution  with  parameter  pitr2  [11],  Hence,  the  probability 
that  the  number  of  nodes  d  is  at  least  a  given  value  k  in  the 
physical  graph  Gp  is  given  by 


fc-i 

Pr[d  >k]  =  1  -  e~p Kr2 

i= 0 


(pitr2)1 


(1) 


Given  that  a  vertex  u  has  degree  I)  in  Gp,  the  degree  du 
of  node  u  in  the  network  graph  G  is  at  least  k  if  and  only 
if  at  least  k  of  the  D  neighbors  of  u  in  Gp  are  within 
distance  r  of  u.  Since  the  neighbors  of  u  in  Gp  are  determined 
independently  of  the  neighbors  of  u  in  Gp,  the  neighbors  of 
u  in  G  are  uniformly  distributed  in  the  region  A.  Thus,  the 
neighbors  of  u  in  Gp  form  a  geometric  random  graph  Gp, 
which  can  be  represented  by  a  two-dimensional  Poisson  point 
process  with  rate  =  p ^±1.  Hence,  replacing  p  by  p ^±1 
in  (1)  completes  the  proof.  ■ 

Theorem  2:  The  network  graph  G  resulting  from  edge-wise 
intersection  of  a  physical  graph  Gp  and  a  logical  graph  Gp 
with  average  node  degree  D  is  fc-connected  with  probability 
Pc{k)  given  by 


k- 1 


Po(k)  =  1  -  e 


(p^Trr2)' 


N 


i= 0 


where  p  =  pq-  is  the  node  density  in  the  region  A. 

Proof:  The  probability  that  the  degree  du  of  a  node  u  is 
at  least  k  in  the  network  graph  G  is  given  by  Lemma  1.  Thus, 
the  minimum  node  degree  dmin  =  min{<iu  :  u  =  1, ... ,  N} 
is  at  least  k  in  G  with  probability  given  by 


Pr[dmin  >  fc]  =  Pr[di  >  k, . . .  ,dN  >  k\.  (2) 


Due  to  the  properties  of  the  Poisson  point  process,  the  prob¬ 
abilities  given  by  Lemma  1  are  independent  and  identically 
distributed  for  each  node  u.  Hence,  the  minimum  node  degree 


nodes  contain  s  can  be  approximated  as 


x—m 


•  Sensor  node 

. Shared  seed  between  nodes 

-  —  Radius  for  4  neighbors 
. Radius  for  4  seed-sharing  neighbors 


Fig.  5.  The  required  radio  range  r  of  each  node  to  guarantee  network 
connectivity  increases  as  the  number  of  nodes  D  which  share  seeds  with  a 
given  node  decreases.  This  illustration  compares  the  case  D  =  N  —  1  to 
D  «  N. 


dmin  is  at  least  k  with  probability  Pr[dmin  >  k]  =  Pr[du  > 
k]N .  As  r  increases,  a  geometric  random  graph  becomes  k- 
connected,  asymptotically,  as  soon  as  the  minimum  vertex 
degree  is  k  with  high  probability  [12],  [13].  Hence,  the 
probability  of  connectivity  is  given  by  Pc{k)  =  Pr[dmin  > 
k}.  U 

The  result  of  Theorem  2,  with  fixed  values  of  k,  N,  and 
p,  suggests  that  as  the  number  of  nodes  D  which  share  seed 
with  a  given  node  decreases,  the  radio  range  r  of  each  node 
must  increase  as  illustrated  by  Fig.  5. 

IV.  Analysis  of  Seed  Assignment 

In  this  section,  we  provide  probabilistic  analysis  for  seed 
assignment  using  a  given  assignment  distribution  V.  We 
provide  a  general  probabilistic  analysis  for  resilience  to  node 
capture.  We  compute  the  probability  that  two  nodes  share  a 
given  seed  and  the  probability  that  two  nodes  share  exactly  i 
seeds  for  i  —  1 ,K.  Finally,  we  compute  the  probability 
of  network  connectivity  using  Theorem  2. 

A.  Resilience  to  Node  Capture 

The  resilience  to  node  capture  for  a  given  key  predistribu¬ 
tion  scheme  can  be  measured  by  computing  the  fraction  of 
links  fix)  which  are  compromised  when  x  nodes  have  been 
randomly  captured.  However,  the  means  of  compromising  a 
link  depend  on  the  link  key  establishment  protocol  and  the  type 
of  seeds  which  are  assigned.  Hence,  for  generality,  we  measure 
resilience  to  node  capture  by  deriving  an  approximation  for  the 
probability  pc(m,x)  that  exactly  to  of  the  x  captured  nodes 
contain  a  given  seed. 

Lemma  3:  Given  uncaptured  nodes  u  and  v  which  share  a 
seed  s  such  that  A  =  |5(s)|  is  known,  if  x  <C  N  and  to  <C  A, 
the  probability  pc(m,x,  A)  that  exactly  to  of  the  x  captured 


pc(m,x,  A) 


A  —  2 


N- A 


N  —  2  J  \N-2/ 

Proof:  If  x  V  and  to  <C  A,  then  we  can  assume  that 
each  of  the  captured  nodes  contains  the  seed  s  independently, 
and  the  selection  of  x  out  of  (N  —  2)  nodes  can  be  modeled  as 
repeated  trials  of  selection  with  replacement.  For  each  trial,  the 
probability  that  the  selected  node  contains  the  seed  s  given  that 
(A— 2)  of  the  (iV — 2)  nodes  contain  s  is  The  assumption 
of  independence  suggests  that  each  of  the  x  trials  can  be 
modeled  as  an  independent  Bernoulli  random  variable.  Hence, 
the  probability  that  to  of  the  x  trials  are  successful  is  given 
by  a  binomial  distribution,  and  the  probability  pc(m,x,  A)  is 
as  desired.  ■ 

Lemma  3  demonstrates  the  claims  that  a  seed  shared  by 
a  large  set  of  nodes  leads  to  a  high  probability  of  link  key 
compromise  as  discussed  in  Section  I.  Hence,  this  lemma  can 
be  used  to  evaluate  the  worst-case  resilience  to  node  capture 
for  a  given  seed  assignment  protocol.  The  following  theorem 
can  similarly  be  used  to  evaluate  the  average  resilience  to  node 
capture. 

Theorem  4:  Given  an  assignment  distribution  V  with  mean 
//,  uncaptured  nodes  u  and  v  which  share  a  seed  s,  and  x 
captured  nodes,  the  probability  pc(m,  x)  that  exactly  to  of  the 
x  captured  nodes  contain  s  can  be  approximated  as 


Pc(m,  x) 


x\  (  P-2\m  (N-p\ 
mj  \N-2j  \N-2J 


where  p  is  the  mean  of  a  given  assignment  distribution  V. 

Proof:  This  result  is  an  approximation  to  the  result  of 
Lemma  3  obtained  by  replacing  A  by  the  mean  p  of  the 
assignment  distribution  V.  ■ 


B.  Probability  of  Sharing  Seeds 

We  next  compute  the  probability  that  a  given  pair  of  nodes 
share  i  of  the  K  assigned  seeds,  for  i  =  1, . . . ,  K.  Lemma  5 
computes  the  probability  that  a  given  pair  of  nodes  will  share 
a  given  seed  such  that  the  number  of  nodes  sharing  the  seed  is 
known.  Theorem  6  computes  the  probability  that  a  given  pair 
of  nodes  will  share  i  of  the  K  assigned  seeds  such  that  the 
number  of  nodes  sharing  each  seed  is  known.  This  theorem  can 
be  used  to  evaluate  the  worst-case  probability  of  sharing  seeds 
for  a  given  assignment  distribution  V.  Finally,  Theorem  7 
computes  the  average  probability  that  a  given  pair  of  nodes 
will  share  i  of  the  K  assigned  seeds  for  a  given  assignment 
distribution  V . 

Lemma  5:  A  node  u  containing  a  seed  s,  such  that  A  = 
|S(s)|  is  known,  will  share  s  with  a  node  v  with  probability 

P{s,X)  =  j^Ey. 

Proof:  Given  a  node  u  containing  s,  exactly  (A  —  1)  of 
the  remaining  (N—  1)  nodes  contain  s.  Hence,  the  probability 
that  v  is  one  of  these  (A  —  1)  nodes  is  -^Ey-  ■ 

Theorem  6:  A  node  u  containing  seeds  Si,...,Sk,  such 
that  A  j  =  IS'(sj)!  for  j  =  1 , ,K  are  known,  will  share  ex¬ 
actly  i  seeds  with  a  node  v  with  probability  ps(i,  Ai, . . . ,  A  at) 


given  by 


At.  -  1 


ps(i,  Xi,...,  XK)  =^— yy  Ein^Z 


7T  \j  =  1 


N  —  1 


K 

n 

3=1+ 1 


N  -  Xw 
_ 22 

N  —  1 


where  the  summation  is  over  all  permutations  7r  = 
of 

Proof:  The  event  that  v  shares  Sy  with  u  can  he  modeled 
as  a  Bernoulli  trial  with  success  probability  p(sy,Ay)  given 
by  Lemma  5.  The  probability  that  i  of  the  K  independent 
events  occur  is  given  by  the  probability  that  the  sum  of  K 
independent  Bernoulli  random  variables  is  equal  to  i.  Since 
the  success  probabilities  of  the  K  events  are  not  equal,  the 
total  probability  is  summed  over  all  possible  choices  of  i  of 
the  I\  events,  represented  by  the  first  i  entries  of  a  permu¬ 
tation  of  (1, . . . ,  K).  For  a  given  permutation  (7Ti, . . . ,  +k) 
of  (1 , ,K),  the  contribution  to  the  total  probability  is  the 
product  of  p(sWj,  XKj)  for  j  =  1 i  and  1  -  p(snj,  Xnj) 
for  j  =  i  +  1, . . . ,  K.  To  compensate  for  permutations  which 
result  in  the  choice  of  the  same  i  events,  the  probability  is 
multiplied  by  i!(K1_i)!.  ■ 

Theorem  7:  A  node  u  will  share  exactly  i  seeds  with  a  node 
v  with  probability  pa(i)  given  by 


Ps{i) 


K 


P-  1 
N  -  1 


N-p 
N-  1 


K-i 


where  /j  is  the  mean  of  the  assignment  distribution  V. 

Proof:  Since  the  random  variables  X  \ , . . . ,  X  k  are  in¬ 
dependent,  the  probability  pa(i)  can  be  computed  by  taking 
the  expected  value  of  ps(i,  X\, . . . ,  Xk),  as  given  by  Theo¬ 
rem  6,  with  respect  to  each  of  the  random  variables.  Letting 
the  expected  value  with  respect  to  Ay  be  denoted  £j  [■],  the 
probability  ps  (i)  is  given  by 


£"K j  [Att  -]  —  1 


TT  \j=  1 


N-  1 


K 

n 

3=1+ 1 


N-l 


(3) 


Identical  distribution  of  the  Xj  suggests  that  each  £^-.[Aw.]  is 
equal  to  the  mean  p  of  the  assignment  distribution  V .  The 
product  terms  are  thus  independent  of  the  index  j,  and  the 
summands  are  independent  of  the  permutation  7 r,  so  the  sum- 
of-products  form  is  replaced  by  a  single  product  of  exponents 
with  coefficient  =  (*)•  ■ 

C.  Network  Connectivity 

Theorem  2  provides  the  probability  of  network  connectivity 
as  a  function  of  the  average  node  degree  D  in  the  logical 
graph  Gl ■  Assuming  the  logical  graph  relation  1Z  is  true  if 
and  only  if  the  given  pair  of  nodes  share  at  least  one  seed,  we 
compute  the  average  degree  D.  We  first  compute  the  expected 


•  Sensor  node 
c^-Possible  shared  seed  -  bin 
£3  Shared  seed  -  ball  in  bin 


Fig.  6.  Seed  assignment  to  nodes  in  the  network  is  represented  by 
a  combinatorial  occupancy  problem  where  each  pair  of  nodes  (u.  v)  is 
represented  by  a  bin.  and  a  shared  seed  between  nodes  u  and  v  is  indicated 
by  a  ball  in  the  bin  (u,  v). 


degree  d(u)  of  a  node  u  in  Gl  given  that  the  sizes  Xj  of 
the  K  assignment  sets  corresponding  to  the  seeds  assigned  to 
node  u  are  known.  This  computation  is  done  by  mapping  the 
assignment  of  seeds  to  node  u  to  a  combinatorial  occupancy 
problem.  Each  pair  of  nodes  (u,v),  for  v  ^  u,  is  represented 
by  a  bin,  and  a  shared  seed  between  nodes  u  and  v  corresponds 
to  a  ball  in  the  bin  representing  (u,v).  Hence,  the  expected 
degree  d(u)  is  given  by  the  average  number  of  non-empty  bins. 
The  average  node  degree  D  in  Gl  is  then  computed  by  taking 
the  expected  value  of  d(u)  with  respect  to  the  assignment 
distribution  V.  The  mapping  to  a  combinatorial  occupancy 
problem  is  illustrated  in  Fig.  6. 

Lemma  8:  Given  a  node  u  with  seeds  sq  , . . . ,  Sk ,  such  that 
Xj  =  ,S'(.s?-j|  for  j  =  1  are  known,  the  probability 

Pr[e(u)  >  E\  that  the  number  of  nodes  e(u)  which  will  not 
share  a  seed  with  u  is  at  least  E  is  given  by 


Pr[e(u)  >  E]  = 

N- 1 

£(-D 


%-E 


m—E 


m  —  1 
E  —  1 


N-l 


m 


K  (N-l-m\ 
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Proof:  The  event  that  u  and  (Ay  —  1)  other  nodes  contain 
a  seed  Sj  corresponds  to  placing  (Ay  —  1)  balls  in  the  (N  —  1) 
bins  (it,  v),v  u.  If  the  set  of  m  >  E  bins  to  remain  empty 
is  given,  the  number  of  ways  to  place  the  (Ay  —  1)  balls  in 


the  (N  —  1  —  7n)  bins  is  1J~1m)  ■  Thus,  the  total  number  of 
ways  to  assign  K  seeds  in  such  a  way  that  a  particular  set  of 
to  >  E  bins  remains  empty  is  TIy=i  ( E  'jT™)  •  The  number 
of  ways  to  select  the  m  bins  to  remain  empty  is  ( 1 ) .  By 
the  Inclusion-Exclusion  Principle  [14],  the  number  of  ways 
M ( E )  that  K  subsets  of  bins  can  be  chosen  such  that  at  least 


E  bins  remain  empty  is  given  by 


M(E)  = 


N-l 


E(-d 

m—E 


(4) 


Dividing  M (E)  by  the  total  number  of  ways  to  choose  the  K 
subsets  given  by  M( 0)  yields  the  probability  that  at  least  E 
bins  remain  empty.  ■ 

Theorem  9:  Given  a  node  u  with  seeds  Si,...,sk,  such 
that  A j  =  |<S'(sj)|  for  j  =  1, . . . ,  K  are  known,  the  expected 
degree  d(u)  of  u  in  the  logical  graph  Gl  is  given  by 


K 


dM  =  (N- 1)  1-n^T 


i=i 


Proof:  The  expected  number  of  empty  bins  £[e(u)]  can 
be  computed  using  the  fact  that 


N—l 

£i<u)}  =  E  Pr[e(u)  >  E] 

E=  1 


(5) 


Theorem  10:  The  expected  node  degree  D  in  the  logical 
graph  Gl(N,  1Z)  is  given  by 


D  =  (N  —  1)  I  1  — 
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Proof:  The  expected  node  degree  D  is  computed  by 
taking  the  expected  value  of  d(u)  given  by  Theorem  9  with 
respect  to  each  of  the  independent  random  variables  A  j  for 
j  =  1 ,K,  denoted  by  £_/[•].  The  expected  node  degree  D 
is  thus  given  by 


D  - 1)  (i  -  n  j.  (i2) 

Identical  distribution  of  the  A  j  suggests  that  £j[Af\  can  be 
replaced  by  the  mean  //  of  the  assignment  distribution  V 
completing  the  proof.  ■ 

Theorem  10  can  then  be  applied  directly  to  the  result  of 
Theorem  2  to  yield  the  probability  Pc(k)  that  the  secure 
network  is  fc -connected. 


since  e(u )  is  a  non-negative  discrete  random  variable  [15]. 
Substituting  the  result  of  Lemma  8  into  (5)  provides  an 
expression  for  £ [e(u)].  The  expected  degree  d(u)  is  then  given 
by 

d(u)  =  N  —  1  —  £[e(u)]  (6) 


because  each  non-empty  bin  corresponds  to  an  edge  in  the 
graph  Gl-  Replacing  £[e(u)]  with  the  result  from  Lemma  8 
yields 


d{u)  =  N  —  1— 

JV-l  JV-l 

E  E  (-D 


m—E 


E= 1  m=E 


N  —  1\  (m  —  1 
E  —  1 


K  ^N—l—m'j 


n 


N-  is  •  (7) 

j= 1  VAj-J 


Reversing  the  order  of  summation  and  appropriately  changing 
the  limits  of  summation  yields 


d(u)  =  N  —  1  — 
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The  binomial  theorem  suggests  that 
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Since  0°  =  1,  the  only  non-zero  term  of  the  summation  is 
when  to  =  1.  Hence  the  expected  degree  of  node  u  is  given 


d{u)  =  N  —  1  — 
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V.  Numerical  Example  and  Comparison  to 
Previous  Works 

In  this  section,  we  provide  numerical  examples  demonstrat¬ 
ing  the  use  of  the  proposed  seed  assignment  and  network 
connectivity  models.  The  examples  are  analytically  compared 
to  the  existing  key  predistribution  schemes  of  [4]  and  [10].  For 
both  examples,  we  consider  a  network  of  N  =  10,  000  nodes 
deployed  over  a  region  A  of  area  \A\  =  1  km2.  Each  node 
is  equipped  with  a  radio  of  range  r  =  40  m  and  has  storage 
for  200  key-length  quantities.  Connectivity  is  guaranteed  with 
probability  0.999. 


A.  Comparison  with  Random  Key  Predistribution  [4] 

Since  each  stored  quantity  in  this  scheme  is  a  key,  K  =  200. 
For  this  example,  we  assume  that  no  more  than  24  nodes  are 
allowed  to  share  a  given  seed.  The  given  parameters  can  be 
applied  to  Theorem  2  and  Theorem  10  to  yield  a  minimum 
average  assignment  set  size  of  p  >  20.5.  Based  on  design 
parameters,  we  select  the  assignment  distribution  given  by 

A  €  {17, . . . ,  20} 

A  e  {21,..., 24}  (13) 

I  0,  else 


which  is  symmetric  over  p  =  20.5  and  has  support  A  = 
{17, .  ..,24}.  Furthermore,  we  choose  the  RWSS  protocol 
for  illustration,  noting  that  boundary  effects  may  result  in 
assignment  sets  of  size  A  ^  A  with  negligible  probability.  The 
desired  and  simulated  assignment  distributions  are  illustrated 
in  Fig.  7.  We  compare  this  scheme  to  that  of  [4]  with  the 
same  design  parameters.  A  random  subset  of  K  =  200  seeds 
from  a  set  of  P  =  =  97,  561  seeds  is  independently 

selected  and  assigned  for  each  node.  Each  assigned  seed  is  a 
cryptographic  key  used  directly  as  a  link  key.  A  link  secured 
using  a  seed  s  is  compromised  as  soon  as  the  adversary 


Comparision  with  Random  Key  Predistribution 


Comparison  with  Polynomial-Pool  Scheme 


Fig.  7.  The  plot  compares  the  designed  assignment  distribution  in  (13)  with 
the  simulated  distribution  for  AT  =  10,  000  and  K  =  200.  The  plotted  values 
of  the  simulated  distribution  for  A  outside  the  support  A  =  {17, . . . ,  24} 
represent  the  boundary  effects  due  to  finite  sampling  of  V. 


Fig.  8.  The  plot  compares  the  designed  assignment  distribution  in  (16)  with 
the  simulated  distribution  for  N  =  10,  000  and  K  =  10.  The  plotted  values 
of  the  simulated  distribution  for  A  outside  the  support  A  =  {361, . . . ,  400} 
represent  the  boundary  effects  due  to  finite  sampling  of  V . 


captures  a  single  node  containing  s.  Hence,  the  probability 
of  link  compromise  is  approximated  by  Theorem  4  as 

/O)  =  1- pc( 0, x)  «  1  -  ■  (14) 

The  binomial  distribution  resulting  from  random  key  predistri¬ 
bution  yields  an  average  assignment  set  size  of  p  =  .  Thus, 

the  result  of  (14)  is  approximately  equal  to  the  probability  of 
link  compromise 

/(*)  =  1  -  (i  -  (15) 

published  in  [5],  However,  the  example  given  above  has  the 
distinct  advantage  of  avoiding  the  tail-effects  discussed  in 
Section  I-A.  Based  on  the  binomial  distribution  resulting  from 
the  seed  assignment  protocol  of  [4],  the  parameters  given  in 
the  example  yield  a  probability  of  Pr[ A  <  16]  =  0.190  that  at 
most  16  nodes  share  a  seed  and  a  probability  of  Pr[A  >  25]  = 
0.186  that  25  or  more  nodes  share  a  seed.  Hence,  the  use  of 
our  protocols  eliminates  the  19%  of  seeds  shared  by  fewer 
nodes  than  desired  and  the  18.6%  of  seeds  shared  by  more 
nodes  than  desired,  resulting  in  a  more  balanced  assignment 
of  seeds  to  nodes. 

The  worst-case  probability  of  sharing  at  least  one  seed  can 
be  computed  using  Theorem  6  as  1  —  ps(0,  Amm, . . . ,  A m*n). 
For  the  scheme  of  [4],  this  probability  is  0  because  A min  =  1- 
However,  we  compare  to  the  simulated  results  shown  in  Fig.  1 
where  A min  =  4,  yielding  a  worst-case  probability  of  0.058. 
The  scheme  designed  above  yields  a  worst-case  probability 
of  0.274  of  sharing  at  least  one  seed,  demonstrating  a  sig¬ 
nificant  increase  in  the  worst-case  probability.  The  worst-case 
resilience  is  evaluated  for  x  =  50  using  Lemma  3  as  /( x)  = 
1  —  pc(0,  x,  Xmax)-  F°r  the  scheme  of  [4],  this  probability 
is  1  because  \max  =  N.  However,  we  again  compare  to 
the  simulated  results  shown  in  Fig.  1  where  A max  =  42, 
yielding  a  worst-case  probability  of  /(50)  =  0.186.  The 
scheme  designed  above  yields  a  worst-case  probability  of 


/( 50)  =  0.109,  demonstrating  a  significant  decrease  in  the 
worst-case  probability. 


B.  Comparison  with  Polynomial -Pool  Scheme  [10] 

For  this  scheme,  each  seed  is  given  by  the  t  coefficients  of 
the  corresponding  polynomial  share,  so  the  number  of  seeds 
K  and  threshold  t  must  satisfy  Kt  <  200.  Hence,  we  choose 
K  =  10  and  t  =  20.  For  this  example,  we  assume  that  no 
more  than  400  nodes  are  allowed  to  have  shares  of  the  same 
polynomial.  The  given  parameters  can  be  applied  to  Theorem  2 
and  Theorem  10  to  yield  a  minimum  average  assignment  set 
size  of  p  >  380.3.  Based  on  the  design  parameters,  we  select 
the  assignment  distribution  given  by 

f  A  €{361,...,  380} 

A  €{381,..., 400}  (16) 

I  0,  else 


which  is  symmetric  over  p  =  380.5  and  has  support  A  = 
{361, . . . ,  400}.  Furthermore,  we  choose  the  RWSS  algorithm 
for  illustration,  noting  that  boundary  effects  may  result  in 
assignment  sets  of  size  A  ^  A  with  negligible  probability.  The 
desired  and  simulated  assignment  distributions  are  illustrated 
in  Fig.  8.  We  compare  this  scheme  to  that  of  [10]  with  the 
same  design  parameters.  Shares  of  a  random  subset  of  K  =  10 
polynomials  from  a  set  of  P  =  ATxJ  =  262  polynomials  are 
assigned  to  each  node.  A  link  key  is  compromised  when  at 
least  t  shares  of  the  common  polynomial  are  recovered  from 
captured  nodes.  According  to  Theorem  4,  the  average  case 
probability  that  at  least  t  of  the  x  captured  nodes  contain  shares 
of  a  given  polynomial  is 


/  O) 


1 


1 


t- 1 

Y  Pc(m,x) 

m— 0 

v  (N-Y 

iWU-2j  \N-2j 


(17) 


The  binomial  distribution  resulting  from  random  polynomial 
selection  yields  an  average  assignment  set  size  of  /r  = 

Thus,  the  result  of  (14)  is  approximately  equal  to  the  proba¬ 
bility  of  link  compromise 


f{x) 


x—m 


(18) 


published  in  [10].  However,  the  example  given  above  has 
the  distinct  advantage  of  avoiding  the  tail-effects  discussed  in 
Section  I-A.  Based  on  the  binomial  distribution  resulting  from 
the  seed  assignment  protocol  of  [4],  the  parameters  given  in 
the  example  yield  a  probability  of  Pr[A  <  360]  =  0.160 
that  at  most  360  nodes  share  a  seed  and  a  probability  of 
Pr[A  >  401]  =  0.137  that  401  or  more  nodes  share  a 
seed.  Hence,  the  use  of  our  protocols  eliminates  the  16%  of 
seeds  shared  by  fewer  nodes  than  desired  and  the  13.7%  of 
seeds  shared  by  more  nodes  than  desired,  resulting  in  a  more 
balanced  assignment  of  seeds  to  nodes. 

The  worst-case  probability  of  sharing  at  least  one  seed  can 
be  computed  using  Theorem  6  as  1  —  ps(0,  A min,  ■  ■  ■ ,  A min)- 
For  the  scheme  of  [10],  this  probability  is  0  because  A =  1. 
We  choose  to  compare  using  the  smallest  value  of  A  such  that 
P(A )*P  >  1,  providing  the  expected  minimum  assignment  set 
size  in  lieu  of  simulation.  This  value  is  given  by  A min  —  341 
and  yields  a  worst-case  probability  of  0.293.  The  scheme 
designed  above  yields  a  worst-case  probability  of  0.307  of 
sharing  at  least  one  seed,  demonstrating  a  slight  increase  in  the 
worst-case  probability.  The  worst-case  resilience  is  evaluated 
for  x  =  500  using  Lemma  3  as  f(x )  =  1  —  pc(0,  x,  Xmax)- 
For  the  scheme  of  [10],  this  probability  is  1  because  Xmax  = 
N.  In  this  case,  we  choose  to  compare  using  the  largest 
value  of  A  such  that  P(A)  *  P  >  1,  providing  the  expected 
maximum  assignment  set  size  in  lieu  of  simulation.  This  value 
is  given  by  \max  =  416  and  yields  a  worst-case  probability  of 
/(500)  =  0.594.  The  scheme  designed  above  yields  a  worst- 
case  probability  of  /(500)  =  0.523,  demonstrating  a  slight 
decrease  in  the  worst-case  probability. 

The  major  advantage  of  our  seed  assignment  model  for 
threshold  secret-sharing  schemes  [9],  [10]  arises  in  cases 
where  the  storage  requirement  is  high  enough  to  allow  for 
a  threshold  t  such  that  t  >  /i.  In  such  a  case,  the  assignment 
distribution  can  be  designed  with  \max  =  t,  leading  to  a 
fraction  of  compromised  links  equal  to  0  for  all  values  of 
x. 


VI.  Conclusion 

We  proposed  a  general  model  for  seed  assignment  which 
regulates  the  number  of  nodes  sharing  each  seed  using  a  dis¬ 
crete  probability  distribution.  The  proposed  model  enables  the 
reduction  of  key  wastage  while  providing  the  same  resilience 


to  node  capture  as  existing  schemes.  We  proposed  three 
seed  assignment  algorithms  based  on  taking  samples  of  a 
probability  distribution  and  discussed  the  boundary  effects 
which  result  from  taking  only  a  finite  number  of  samples.  In 
addition,  we  proposed  a  general  model  for  wireless  network 
connectivity  in  which  communication  is  limited  by  radio  range 
and  restricted  by  an  independent  pairwise  relationship  such  as 
the  existence  of  a  shared  seed.  We  analyzed  the  probabilistic 
network  connectivity  and  resilience  to  node  capture  for  seed 
assignment  schemes  using  the  proposed  models.  Finally,  we 
provided  numerical  examples  to  illustrate  the  use  of  the  seed 
assignment  models  as  well  as  a  comparison  to  existing  key 
predistribution  schemes. 
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